
[interfaces + route] My new firewall doesn't forward packets



Hi there,

We have an ISP with email, web, ftp, dns and radius servers. I'm trying to
replace an old firewall (2.0.x kernel) with a new one (2.4.18 kernel). I am
using the 'mimic' strategy, that is to say, reproducing the same routing
table, etc.

*The problem*: The current "new firewall" configuration cannot forward any
packets. Note that iptables is stopped and all policies (INPUT, OUTPUT &
FORWARD) are set to ACCEPT. I think it is because of the routing table.



I have eth0 and eth1. With the /etc/network/interfaces file below I get two
lines in the routing table.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# First version shown in the post: it contains no `up route add` lines.
# The loopback interface
# (`auto` marks lo to be brought up by `ifup -a`, normally at boot.)
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
# eth0: static address 194.224.7.9 on network 194.224.7.0 with netmask
# 255.255.255.0 (a /24). The `gateway` line requests a default route via
# 194.224.7.1 on this interface.
auto eth0
iface eth0 inet static
 address 194.224.7.9
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 gateway 194.224.7.1
# eth1: static address 194.224.7.10, declared with the same network and netmask
# (194.224.7.0 / 255.255.255.0) as eth0, and with no gateway line.
# NOTE(review): the routing table posted with this file lists one
# 194.224.7.0 / 255.255.255.0 row per interface, i.e. both NICs claim the same
# connected /24. Which of the two rows the kernel uses for a given packet is
# not visible from this file -- confirm on the host.
auto eth1
iface eth1 inet static
 address 194.224.7.10
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255



After adding some routing rules to the previous 'interfaces' file (see attached
file) to mimic the old firewall's routing table, I get the following:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.128.114.4    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
194.224.7.9     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
194.224.7.90    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 lo
194.224.7.0     0.0.0.0         255.255.255.128 U     0      0        0 eth1
194.224.7.0     0.0.0.0         255.255.255.0   U   0    0    0 eth0  <---
194.224.7.0     0.0.0.0         255.255.255.0   U   0    0    0 eth1  <---
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0        0 eth0


In the old system I have the same table but without the two lines below. Is
this the cause of the system not forwarding any packets? How could I modify the
'interfaces' file to remove these two lines? The '/etc/network/interfaces' file
is attached.

194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1


Regards,
Davi Leal





--
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# Version with explicit `up route add ...` lines; ifup(8) runs each `up`
# command after it has brought the corresponding interface up.

# The loopback interface
auto lo
iface lo inet loopback
# Explicit host route for 127.0.0.1 via lo; presumably the source of the
# 127.0.0.1 "UH" row on lo in the posted routing table -- confirm.
up route add 127.0.0.1 dev lo

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)


# eth0 goes to outside (Internet)
# NOTE(review): the post states that iptables is stopped and all policies are
# ACCEPT for this test, so nothing filters traffic on this Internet-facing
# interface until a ruleset is loaded.
auto eth0
iface eth0 inet static
 address 194.224.7.9
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 # Default route to Internet via eth0
 gateway 194.224.7.1
# Host route to the Cisco 194.224.7.1 via eth0
# (listed as a "UH" row with genmask 255.255.255.255 in the posted table)
up route add 194.224.7.1 dev eth0
# Host route to the Tunnels Server 194.224.7.90 via eth0
up route add 194.224.7.90 dev eth0
# Host route to the firewall's own network card: 194.224.7.9 is the address
# configured on eth0 in this stanza.
up route add 194.224.7.9 dev eth0


# eth1 goes to the internal network
# NOTE(review): eth1 is declared with the same network/netmask as eth0
# (194.224.7.0 / 255.255.255.0). Per the first table in the post, each
# interface's address/netmask pair yields its own connected
# 194.224.7.0 / 255.255.255.0 row -- the two rows marked "<---". Matching the
# old table would presumably mean narrowing the netmask or deleting that row
# after ifup; verify against the old host's configuration.
# NOTE(review): nothing in the posted file enables IP forwarding; confirm that
# /proc/sys/net/ipv4/ip_forward is 1 on the new host, and check the
# rp_filter settings given that both interfaces overlap on one subnet.
auto eth1
iface eth1 inet static
 address 194.224.7.10
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 # gateway 194.224.7.1
# Route to 194.224.7.0 netmask 255.255.255.128 via eth1
# (255.255.255.128 is a /25, i.e. 194.224.7.0 - 194.224.7.127)
up route add -net 194.224.7.0 netmask 255.255.255.128 dev eth1
# Host route to the Radius server via eth1
up route add 10.128.114.2 dev eth1
# Host route to 'Telefonica Infovia' via eth1
up route add 10.128.114.4 dev eth1


